summaryrefslogtreecommitdiff
path: root/source4/rpc_server/drsuapi
AgeCommit message (Collapse)AuthorFilesLines
2013-09-16s4-rpc_server/drsuapi: Print ldb error showing why we failed to perform the ↵Andrew Bartlett1-1/+1
access check Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-08-06drs-cracknames: Reorganise the cracknames list so that similar format names ↵Matthieu Patou1-6/+6
are group together It makes easier when reviewing failed test case in DRSR testsuite Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-08-06Add Notes related to DRSUAPIMatthieu Patou1-0/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Andrew Bartlett <abarlett@samba.org>
2013-07-24rpc_server-drsuapi: Improve comments and DEBUG linesAndrew Bartlett1-4/+3
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-06-30Fix a missing parenthesis in the LDAP search requestMatthieu Patou1-1/+1
Signed-off-by: Matthieu Patou <mat@matws.net> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sun Jun 30 13:34:13 CEST 2013 on sn-devel-104
2013-06-12dsdb: Allow dsdb_find_dn_by_guid to show deleted DNsAndrew Bartlett1-2/+2
This helps us in the KCC as we need to return the deleted DN for the GUID in DsReplicaGetInfo calls (tested for deleted servers against Windows 2008R2). Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-05-17drsuapi: Debug more clearly why NC is bad in updateRefsMatthieu Patou1-0/+2
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri May 17 04:17:14 CEST 2013 on sn-devel-104
2013-05-16rpc_server-drsuapi: Include the failing DN when unable to convert DB objects ↵Andrew Bartlett1-4/+6
to DRS This is a very serious situation (it should not happen) so getting information on the objects that this happens for would be very helpful. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-22drsuapi: Add documentationMatthieu Patou1-3/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-17drs-fsmo: Improve handling of FSMO role takeover.Andrew Bartlett1-1/+2
This needs to be more async, and give less scary errors. Andrew Bartlett Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-01s4:drsuapi: try to behave more like windows for usn order (bug #9508)Stefan Metzmacher1-11/+18
We don't behave completely like a Windows server, but it's much more identical than before. The partition head is always the first object followed by the rest sorted by uSNChanged. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Jan 1 21:09:42 CET 2013 on sn-devel-104
2013-01-01s4:drsuapi: make use of LDB_TYPESAFE_QSORT() and pass getnc_stateStefan Metzmacher1-10/+14
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: make sure we report the meta data from the cycle start (bug #9508)Stefan Metzmacher1-9/+38
We should build the final highwatermark and uptodatevector of a replication cycle at the start of the cycle. Before we search for the currently missing objects. Otherwise we risk that some objects get lost. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: check the source_dsa_invocation_id (bug #9508)Stefan Metzmacher1-0/+15
The given highwatermark is only valid relative to the specified source_dsa_invocation_id. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: make sure we never return the same highwatermark twice in a ↵Stefan Metzmacher1-0/+36
replication cycle (bug #9508) If the highwatermark given by the client is not the one we expect, we need to start a new replication cycle. Otherwise the destination dsa skips objects and linked attribute values. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: add drsuapi_DsReplicaHighWaterMark_cmp()Stefan Metzmacher1-0/+20
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: always use the current uptodateness_vectorStefan Metzmacher1-11/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: avoid a ldb_dn_copy() and use talloc_move() insteadStefan Metzmacher1-3/+3
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: remove unused 'highest_usn' from drsuapi_getncchanges_stateStefan Metzmacher1-4/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-01s4:drsuapi: move struct drsuapi_getncchanges_state to the top of getncchanges.cStefan Metzmacher1-17/+17
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-10-07drsuapi: Validate the input parameters for the drsuapi_UpdateRefs functionMatthieu Patou1-0/+16
2012-10-07drsuapi: check more carefully the validity of the NCMatthieu Patou1-4/+11
Check that both the GUID and DN are the GUID/DN of a NC if not return WERR_DS_DRA_BAD_NC
2012-10-07s4-drs: fix the logic to allow REPL_SECRET if the account has GET_ALL_CHANGESMatthieu Patou1-0/+24
2012-10-07s4-drs: EXOP_REPL_SECRETS can be called by RW DC as wellMatthieu Patou1-7/+15
2012-10-07drs-getncchanges: do not set the highestUsn to 0Matthieu Patou1-1/+0
Paragraph 4.1.10.5 says that if err = 0 then msgOut.pNC := msgIn.pNC msgOut.usnvecFrom := msgIn.usnvecFrom so no need to set the highestUsn to 0
2012-10-07kcc: return invalid parameter if the taskId is not 0Matthieu Patou1-1/+3
2012-10-07Implement the LIST_INFO_FOR_SERVER input formatMatthieu Patou1-1/+2
2012-10-07getdcinfo: Check that the server object has a serverreference objects ↵Matthieu Patou1-2/+4
pointing to a DC object The problem was found by the DRSR testsuite where server objects were created in the Site container without serverrefrence attribute triggering error in the testsuite.
2012-09-25s4:rpc_server/drsuapi: use talloc_zero instead of talloc() in ↵Stefan Metzmacher1-1/+1
dcesrv_drsuapi_DsBind() metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Sep 25 03:06:13 CEST 2012 on sn-devel-104
2012-09-25s4:rpc_server/drsuapi: fix a crash in ↵Stefan Metzmacher1-6/+6
dcesrv_drsuapi_DsGetDomainControllerInfo_1() metze
2012-08-14s4-repl: Use samdb_reference_dn_is_our_ntdsa()Andrew Bartlett1-15/+13
2012-08-14s4-dsdb: Add mem_ctx argument to samdb_ntds_settings_dnAndrew Bartlett2-3/+3
As this value is calculated new each time, we need to give it a context to live on. If the value is the forced value during provision, a reference is taken. This was responsible for the memory leak in the replication process. In the example I was given, this DN appeared in memory 13596 times! Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue Aug 14 10:05:14 CEST 2012 on sn-devel-104
2012-05-04Fix direct access to krb5_principal structureSimo Sorce1-2/+4
2011-12-23s4:drsuapi/getncchanges: the default for isRecycled is FALSEStefan Metzmacher1-1/+1
metze Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Fri Dec 23 09:30:09 CET 2011 on sn-devel-104
2011-12-23s4-drsuapi: we store boolean in upppercase so we need to test them in uppercaseMatthieu Patou1-4/+4
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19s4:drsuapi/getncchanges: return WERR_NOMEM if talloc_array() failsStefan Metzmacher1-0/+3
metze
2011-12-19s4-drs: introduce a timeout in the getncchanges processing to always return ↵Matthieu Patou1-6/+27
something in less than x seconds Signed-off-by: Andrew Tridgell <tridge@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-12-19s4-drs: avoid calling unecesserly ldb_msg_find_attr_as_* as this call in ↵Matthieu Patou1-26/+45
unefficient Current implementation of ldb_msg_find_attr_as_* iterate on the list of attributes returned by the search and make a string comparison. As we sorting the array of messages / guids we tend to call this function many times. By storing the GUID and the USN in a separate structure we are sure to call this function only once per attribute and object. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-11-13s4-drs: check if we have a domain level >= 2k8r2 as before the isRecycled do ↵Matthieu Patou1-7/+24
not exists and so is always False Having a false value cause the link on removed attribute to be always returned which is what we try to avoid.
2011-10-04s4-drs: added DSDB_REPL_FLAG_ADD_NCNAME to DsAddEntry callAndrew Tridgell1-0/+1
we want new NCs to be created
2011-09-20s4-drs: allow replication of the GC partial attribute setAndrew Tridgell1-5/+95
when a DC has the GUID_DRS_GET_FILTERED_ATTRIBUTES right on a NC, we need to allow it to replicate if all the attributes it is asking for are in the GC partial attribute set Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Tue Sep 20 13:47:38 CEST 2011 on sn-devel-104
2011-08-26s4-drsuapi Allow DsAddEntry of normal objectsAndrew Bartlett1-1/+6
We previously only allowed objects of class ntDSDSA Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Fri Aug 26 15:34:21 CEST 2011 on sn-devel-104
2011-08-25s4-drs: fixed msdcs DNS name in getncchangesAndrew Tridgell1-3/+2
2011-08-10s4-drs: In dcesrv_drsuapi_DsRemoveDSServer use the subtree control to delete ↵Matthieu Patou1-1/+2
the NTDS entry This entry has most of the time subelements (connections between DCs) that will forbid a simple (non recursive) delete
2011-07-27s4-dcerpc: Do not return linked attribute on deleted objects it makes W2k8R2 ↵Matthieu Patou1-1/+15
loops when joining s4 domains Autobuild-User: Matthieu Patou <mat@samba.org> Autobuild-Date: Wed Jul 27 00:46:56 CEST 2011 on sn-devel-104
2011-07-11s4-drs: do not return links pointed to unexistant objectsMatthieu Patou1-0/+24
When an object is deleted, link pointed to it are marked as inactive. When the same object is purged we do not remmove the link pointed to it (we can't know them) so they stay in the database, it turns to be a problem for Windows 2008. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-06-10s4-drs: added debug lines for missing linked attribute fieldsAndrew Tridgell1-0/+8
this improved the logging of bugs related to linked attribute replication Autobuild-User: Andrew Tridgell <tridge@samba.org> Autobuild-Date: Fri Jun 10 03:26:21 CEST 2011 on sn-devel-104
2011-06-10s4-drs: cope with missing RMD_ADDTIME in linked attributesAndrew Tridgell1-4/+6
upgraded links can be missing the RMD_ADDTIME field
2011-05-11s4/getncchanges: Pre-mark extended requests as success in case a ↵Kamen Mazdrashki1-0/+4
sub-function "forget" to do this
2011-05-11s4/getncchanges: Implement placeholder for handling ex-op collection of objectsKamen Mazdrashki1-13/+44
Right now it is solely based on function that handles objects in normal DsGetNCChanges calls.